mobbin-ux
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted external content from Mobbin via browser screenshots and metadata extraction, then uses this information to guide code implementation.
  - Ingestion points: Browser screenshots and search result text from mobbin.com (documented in Step 2).
  - Boundary markers: None. There are no instructions to disregard embedded commands found within the design patterns or UI text.
  - Capability inventory: The skill uses claude-in-chrome MCP for browser automation (navigation, clicking, screenshots) and has the capability to 'rebuild UI following the spec' (Step 6), which implies code modification/file writes.
  - Sanitization: None. The agent directly extracts patterns and applies them to the implementation phase.
- [Command Execution] (MEDIUM): The skill utilizes browser automation tools (claude-in-chrome MCP) to perform actions like navigation, clicking, and screen capture. While necessary for the skill's function, browser automation provides a significant attack surface if redirected to malicious sites or if interacting with crafted DOM elements.
Recommendations
- AI detected serious security threats